Commit graph

14071 commits

Author SHA1 Message Date
Kevin Darbyshire-Bryant
a3198061f8 dnsmasq: backport dnssec security fix
CVE-2017-15107

An interesting problem has turned up in DNSSEC validation. It turns out
that NSEC records expanded from wildcards are allowed, so a domain can
include an NSEC record for *.example.org and an actual query reply could
expand that to anything in example.org  and still have it signed by the
signature for the wildcard. So, for example

!.example.org NSEC zz.example.org

is fine.

The problem is that most implementers (your author included, but also
the Google public DNS people, powerdns and Unbound) then took that
record to prove the nothing exists between !.example.org and
zz.example.org, whereas in fact it only provides that proof between
*.example.org and zz.example.org.

This gives an attacker a way to prove that anything between
!.example.org and *.example.org doesn't exists, when it may well do so.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-19 22:11:16 +01:00
Christian Lamparter
51dd8f3875 ipq-wifi: align AVM FRITZ!Box 4040's board-2.bin package
This patch renames the AVM FRITZ!Box 4040's board-2.bin
file and package to match the 'vendor_product' format.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-01-18 21:21:11 +01:00
Christian Lamparter
8d755ef052 firmware: ath10k-firmware: update QCA988x firmware to 10.2.4-1.0-00033
This patch updates ath10k-firmware to use the
firmware-5.bin_10.2.4-1.0-00033 firmware for the QCA988x.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-01-18 21:21:11 +01:00
Christian Lamparter
f6a8505de0 firmware: ath10k-firmware: update QCA9887 firmware to 10.2.4-1.0-00033
This patch updates ath10k-firmware to use the
firmware-5.bin_10.2.4-1.0-00033 firmware for the QCA9887.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-01-18 21:21:11 +01:00
Christian Lamparter
2d3a73afc4 firmware: ath10k-firmware: update QCA9888 firmware to 10.4-3.4-00104
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.4-00104 firmware for the QCA9888.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-01-18 21:21:11 +01:00
Christian Lamparter
da5312d06e firmware: ath10k-firmware: update QCA9984 firmware to 10.4-3.4-00104
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.4-00104 firmware for the QCA9984.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-01-18 21:21:11 +01:00
Christian Lamparter
e0184fd0d5 firmware: ath10k-firmware: update QCA4019 firmware to 10.4-3.4-00104
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.4-00104 firmware for the QCA4019.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-01-18 21:21:11 +01:00
Christian Lamparter
280a7d3948 firmware: ath10k-firmware: update to 2017-12-20
This update automatically includes a new firmware for the QCA6174:
firmware-6.bin_WLAN.RM.4.4.1-00079-QCARMSWPZ-1

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-01-18 21:21:11 +01:00
Hans Dedecker
26045049ba odhcp6c: add sendopts config support and update to latest git HEAD
Add sendopts config support allowing to add options in sent DHCPv6 packets.

Options can be configured as follows :
	uci set network.wan6.sendopts="sntpservers:3001:3001::1,3001:3001::2 11:00000000000000000000006674692F 0x3e8:ABCDEF"

Based on a patch by Frank Andrieu <fandrieu@gmail.com>

See https://git.openwrt.org/?p=project/odhcp6c.git;a=commit;h=510aaf6d528210c5e8a6159f9b80b32615e88c5f
for a more detailed description.

Latest git changes :
	1f93bd4 dhcpv6: rework option passthrough logic
	a477e95 odhcp6c: rework userclass and vendorclass command handling
	510aaf6 odhcp6c: add -x opt:val support
	ab75be1 treewide: update copyrights to 2018
	f3a4609 odhcp6c: let odhcp6c_add_state return a success/failure indication

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-01-18 11:39:42 +01:00
Dirk Brenken
ef8cd6be1e util-linux: add fstrim support
This PR adds optional fstrim support

Signed-off-by: Dirk Brenken <dev@brenken.org>
2018-01-18 08:04:18 +01:00
Mathias Kresin
acafbac4b3 base-files: gpio switch: check if direction can be set
Obviously not all GPIO controller allow to change the direction. The issue
is around since the beginning of the script but only due to the recent
changes error messages are more visible.

Add a check if a change of the direction is supported by the GPIO
controller and fallback to setting only the value if not.

Fixes: FS#1271
Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-01-18 07:22:37 +01:00
Mathias Kresin
f476c9a745 base-files: gpio switch: fix inverted logic
GPIOs are exported as active high to the sysfs, hence the logic need to be
inverted.

Fixes: e66c47fb14 ("base-files: gpio switch: set output value with
       direction")
Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-01-18 07:22:36 +01:00
Hans Dedecker
1ca4f8ca1c ubox: update to latest git HEAD
e7a63fb ubox: Remove unnecessary memset calls

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-01-17 22:00:43 +01:00
Hans Dedecker
dd975d15a7 ubus: fix wrong PKG_SOURCE_DATE
Fix wrong PKG_SOURCE_DATE introduced in e14cac0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-01-17 14:09:59 +01:00
Hans Dedecker
e14cac0ebf ubus: update to latest git HEAD
5bae22e ubus/lua: pass notification name to callback
212ceb1 valgrind complained about these
d57907c fix invalid close() call

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-01-17 13:47:14 +01:00
Felix Fietkau
e2c0e904c0 ath9k: discard undersized packets
Sometimes the hardware will push small packets that trigger a WARN_ON
in mac80211. Discard them early to avoid this issue.

Reported-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-01-17 12:32:48 +01:00
Felix Fietkau
765599cb0e mac80211: remove support code for authsae
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-01-17 11:05:11 +01:00
Felix Fietkau
8061c62f5d authsae: remove package
It is no longer actively maintained and does not work well in many
configurations. Fully replaced by wpad-mesh

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-01-17 11:05:11 +01:00
Jo-Philipp Wich
5bbcd80e3f xtables-addons: remove from base
The package has been moved to the package feed repository to allow for
non-base dependencies such as Perl.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-16 19:40:29 +01:00
Jo-Philipp Wich
5c0b288815 netfilter: enable CONFIG_NF_CONNTRACK_MARK from kmod-nf-conntrack
Unconditionally enable connmark support and tie it to the conntrack core
module to allow removing this kernel configuration dependency from the
xtables-addons package.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-16 19:39:08 +01:00
Jo-Philipp Wich
190c1c3cc8 iwinfo: update to latest git HEAD
5a5e21b nl80211: skip event notifications in wpa_supplicant scan result reply

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-16 14:10:52 +01:00
Kevin Darbyshire-Bryant
aba3b1c6a3 dnsmasq: use SIGINT for dnssec time valid
Dnsmasq used SIGHUP to do too many things: 1) set dnssec time validation
enabled, 2) bump SOA zone serial, 3) clear dns cache, 4) reload hosts
files, 5) reload resolvers/servers files.

Many subsystems within LEDE can send SIGHUP to dnsmasq: 1) ntpd hotplug
(to indicate time is valid for dnssec) 2) odhcpd (to indicate a
new/removed host - typically DHCPv6 leases) 3) procd on interface state
changes 4) procd on system config state changes, 5) service reload.

If dnssec time validation is enabled before the system clock has been
set to a sensible time, name resolution will fail.  Because name
resolution fails, ntpd is unable to resolve time server names to
addresses, so is unable to set time.  Classic chicken/egg.

Since commits 23bba9cb33 (service reload) &
4f02285d8b (system config)  make it more
likely a SIGHUP will be sent for events other than 'ntpd has set time'
it is more likely that an errant 'name resolution is failing for
everything' situation will be encountered.

Fortunately the upstream dnsmasq people agree and have moved 'check
dnssec timestamp enable' from SIGHUP handler to SIGINT.

Backport the upstream patch to use SIGINT.
ntpd hotplug script updated to use SIGINT.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-15 22:34:51 +01:00
Koen Vandeputte
7488be7010 uqmi: fix raw-ip mode for newer lte modems
Some newer LTE modems, like the MC7455 or EC25-E do not support
"802.3" mode, and will stay in "raw-ip" regardless of the mode being
set.

In this case, the driver must be informed that it should handle all
packets in raw mode. [1]

This commit fixes connectivity issues for these devices.

Before:

[ Node 5 ] udhcpc -i wwan0
udhcpc: started, v1.27.2
udhcpc: sending discover
udhcpc: sending discover
udhcpc: sending discover

After:

[ Node 5 ] udhcpc -i wwan0
udhcpc: started, v1.27.2
udhcpc: sending discover
udhcpc: sending select for 100.66.245.226
udhcpc: lease of 100.66.245.226 obtained, lease time 7200
udhcpc: ifconfig wwan0 100.66.245.226 netmask 255.255.255.252 broadcast
+
udhcpc: setting default routers: 100.66.245.225

[1] https://lists.freedesktop.org/archives/libqmi-
devel/2017-January/002064.html

Tested on cns3xxx using a Sierra Wireless MC7455 LTE-A

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[bumped PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-15 15:30:53 +01:00
Hans Dedecker
4e48230954 6rd: pass ipcalc as argument to eval
Instead of grepping for NETWORK after calling ipcalc.sh; pass ipcalc.sh as
argument to eval allowing to use $NETWORK to retrieve the IPv4 prefix
(ip4prefix).

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-01-15 09:49:26 +01:00
Piotr Dymacz
53e3df2e71 uboot-envtools: add support for GL.iNet GL-AR750
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2018-01-15 00:12:13 +01:00
Piotr Dymacz
ec141c1f3d uboot-envtools: add support for ALFA Network R36A
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2018-01-15 00:12:13 +01:00
Piotr Dymacz
b38ff7847b uboot-envtools: add support for ALFA Network N5Q
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2018-01-14 21:30:22 +01:00
Piotr Dymacz
62610129b2 uboot-envtools: add support for ALFA Network AP91-5G
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2018-01-14 20:33:18 +01:00
Matthias Schiffer
e9fa0b9f3a
ath9k, ath10k(-ct): move spectral scan support under a separate config symbol
Backport patches that separate spectral scan support from general debugfs
support of ath9k/ath10k; this allows to remove the dependency on
KERNEL_RELAY from these driver packages even with debugfs enabled and
avoids the memory footprint of the relay buffers allocated by ath9k/ath10k
even when they aren't used at all.

The KERNEL_RELAY dependency is moved to a new config symbol that enables
spectral scan support in these drivers.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-13 19:54:45 +01:00
Matthias Schiffer
37cf77d946
treewide: fix build depends to refer to source package names
Build depends must refer to source packages rather than binary package
names.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-13 19:54:44 +01:00
Matthias Schiffer
3abf663c22
build: remove package preconfig feature
This feature has been unused for years, and its scope is too limited to be
actually useful.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-13 19:54:44 +01:00
John Crispin
69a36cbab2 fstools: update to latest git HEAD
18090d9 overlay: fix compilation with glibc
2a9a6ea libfstools: optimize building directory string for glob
de6b026 libfstools: support file paths longer than 255 chars

Signed-off-by: John Crispin <john@phrozen.org>
2018-01-13 16:40:07 +01:00
Sven Eckelmann
9514cde2b9 uboot-envtools: add OpenMesh A42 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2018-01-13 07:58:44 +01:00
Sven Eckelmann
28b2a8cb82 ipq-wifi: add board-2.bin for OpenMesh A42
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2018-01-13 07:58:39 +01:00
Sven Eckelmann
f39fc67c8e mac80211: ath10k: search DT for BDF variant info
Board Data File (BDF) is loaded upon driver boot-up procedure. The right
board data file is identified on QCA4019 using bus, bmi-chip-id and
bmi-board-id.

The problem, however, can occur when the (default) board data file cannot
fulfill the vendor requirements and it is necessary to use a different
board data file.

This problem was solved for SMBIOS by adding a special SMBIOS type 0xF8.
Something similar has to be provided for systems without SMBIOS but with
device trees. No solution was specified by QCA and therefore a new one has
to be found for ath10k.

The device tree requires addition strings to define the variant name

    wifi@a000000 {
    	status = "okay";
    	qcom,ath10k-calibration-variant = "RT-AC58U";
    };

    wifi@a800000 {
    	status = "okay";
    	qcom,ath10k-calibration-variant = "RT-AC58U";
    };

This would create the boarddata identifiers for the board-2.bin search

 *  bus=ahb,bmi-chip-id=0,bmi-board-id=16,variant=RT-AC58U
 *  bus=ahb,bmi-chip-id=0,bmi-board-id=17,variant=RT-AC58U

Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2018-01-13 07:58:19 +01:00
Luis Araneda
7293499f71 ipq806x: Sort occurrences of boardame alphabetically
This restores the alphabetical sort that was present
before the renaming of boardname.

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2018-01-13 07:33:03 +01:00
Luis Araneda
33f09cf151 ipq806x: convert to dt-based board-detection
Use the generic board detection method:
- Board name: First compatible string from the device tree
- Board model: Model property from the device tree

Change occurrences of board name in userspace by the compatible
string, and removed target specific board detection script

Replace the definition of SUPPORTED_DEVICES in Device/Default
to extract the dt compatible string from each device definition.
Additionally, for devices supported by lede-17.01, append
the value of BOARD_NAME to SUPPORTED_DEVICES in the device
definition.

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2018-01-13 07:33:03 +01:00
Mathias Kresin
c3d9fe96dc ipq806x: drop partitial supported boards
There are only artifacts for these boards in our tree and not even
partial support.

Drop teh stale files.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-01-13 07:33:02 +01:00
Kevin Darbyshire-Bryant
89233a8c49 base-files: sysupgrade: correct command help text
Commit 30f61a34b4 claimed to drop -d & -p
options. In reality only -d was dropped.  Update command help text to
reflect that -d is no longer a supported option.

Fixes FS#1187

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-12 16:06:04 +01:00
Kevin Darbyshire-Bryant
9a9c7fb4cf kmod-sched-cake: bump to latest cake bake
More important bug fix:

402f05c Use full-rate mtu_time in all tins.  Fixes an issue where some
cake tins experienced excessive latency since 49776da (dynamically
adjust target)

Minor bug fixes:

31277c2 Avoid unsigned comparison against zero.  Fix compiler warning,
no known impact.
8cf5278 ack_filter: fix TCP flag check. A very contrived case may have
lead to dropping a SYN packet that should not be dropped.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-11 20:36:16 +01:00
Matthias Schiffer
f73f1aee76
ebtables: update to latest git 2017-10-24
6a82659 Use flock() for --concurrent option
73c2371 ebtables: extensions: Constify option struct

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-11 11:50:50 +01:00
Hans Dedecker
377c4a68fe omcproxy: silence fw3 warnings
Silence fw3 warnings in omcproxy init script in case fw3 is not enabled

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-01-10 21:38:55 +01:00
Jo-Philipp Wich
fe920d01bb treewide: replace LEDE_GIT with PROJECT_GIT
Remove LEDE_GIT references in favor to the new name-agnostic
PROJECT_GIT variable.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-10 21:27:32 +01:00
Mogula Pranay
012d20eebe netifd: update dhcp.script to handle dynamic routing
Certain DHCP servers push a gateway outside of the assigned interface subnet,
to support those situations, install a host route towards the gateway.

If Gateway and IP are served in same network, openwrt quagga cannot learn
routes (rip routes are not getting added, showing inactive) whereas
working fine when Gateway and IP are in different network.

Signed-off-by: Mogula Pranay <mogula.pranay@nxp.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-01-10 09:19:08 +01:00
Mathias Kresin
18f49449b0 ltq-xdsl-app: drop script for renaming the netdev
Our netdevs are named dsl by default now, the rename via scripts isn't
required anymore.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-01-10 08:08:53 +01:00
Mathias Kresin
d3fd38637f lantiq: create ATM/PTM interfaces with dsl as netdev name
Renaming an atm etherbride using 'ip link' (via hotplug) is racy since the
original netdev might disappear before br2684ctl has finished appling it's
setting:

 local2.notice br2684ctl[1667]: Interface "nas0" created sucessfully
 local2.notice br2684ctl[1667]: Communicating over ATM 0.8.35, encapsulation: LLC
 kern.info kernel: dsl0: renamed from nas0
 kern.err kernel: br2684:br2684_regvcc: tried to attach to non-existent device
 local2.err br2684ctl[1667]: Could not configure interface:No such device or address

By passing the final used netdev name to br2684ctl_wrap another race
condition workaround will be enabled again.

Change the lantiq ptm driver to create a netdev with the name dsl as well.
Albeit the rename via 'ip link' works fine so far, using a different
approach for ptm then atm could be confusing.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-01-10 08:08:53 +01:00
Mathias Kresin
e4936a957d ltq-xdsl-app: drop manual br2684ctl reload
br2684ctl starts automatically, set up reload triggers, which fire as soon
as a atm driver is loaded. No need to do the reload via the script.

The reload is only required as soon as we can reliable switch between atm
and ptm driver and need to be implemented in a race free way.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-01-10 08:08:53 +01:00
Martin Schiller
1b1388f640 linux-atm: add br2684ctl option to specify the netdev name
Add the uci option nameprefix to specifc a target netdev name. Patch the
br2684ctl code to accept and set a netdev name via commandline parameters.

It allows to use the same netdev name for ATM and PTM lines on lantiq
xdsl hardware.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Signed-off-by: Mathis Kresin <dev@kresin.me>
2018-01-10 08:08:53 +01:00
Hauke Mehrtens
e1b653944d uboot-at91: make packages hidden
These packages are needed to generate the image, better mark them hidden
so we will activate them based on which boards gets build and they will
be activated always when the board which needs then gets build.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-01-09 22:58:49 +01:00
Hauke Mehrtens
5147e0d476 at91bootstrap: make packages hidden
These packages are needed to generate the image, better mark them hidden
so we will activate them based on which boards gets build and they will
be activated always when the board which needs then gets build.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-01-09 22:58:49 +01:00